WAINTRAUB CYBER SOLUTIONS

Credit Unions Versus Inevitable Cyber-Attacks

3/11/2024

Link: https://info.cygnvs.com/resources/insights/credit-unions-versus-inevitable-cyber-attacks
Credit unions deal with troves of sensitive financial information and Personally Identifiable Information (PII). This makes them a prime target for cybercriminals. A recent report by Arctic Wolf highlighted an alarming statistic: financial services firms are 300 times more likely to face cyber-attacks, with an average breach cost of $5.9 million USD.
A breach in a credit union's security can lead to severe consequences. These extend beyond direct financial losses, such as fraudulent spending and the cost of replacing debit cards. They also include revenue loss due to downtime and damage to the credit union's reputation, which often results in lost members. The aftermath of such incidents can be especially catastrophic for smaller credit unions, potentially jeopardizing their continued existence.

Challenges Faced by Credit Unions 
Credit unions often operate insufficient and outdated technology. This can make them susceptible to cyber threats. Darrin Johnson, MD of Cybersecurity Services at Progent, a managed security service provider, observed multiple instances where PII and sensitive information were left on outdated, unpatched servers. Furthermore, Joshua Marpet, IAN Faculty advisor and CMMC author, found that many credit union technology inventories are not adequately updated. This leaves them vulnerable to end-of-life systems still being utilized. 

Managing Third Party Risk  
Credit unions often leverage third parties to enhance the features and functionality offered to their members. Threat actors see this as an easy way to carry out cyber-attacks. This type of susceptibility was highlighted recently when ransomware infected 60 credit unions through a vulnerability in a third-party IT vendor (CVE-2023-4966). This disrupted operations and laid bare the credit unions' exposure to third-party risks.

Redefining Cyber Resilience for Credit Unions  
Recognizing the challenges credit unions face, the National Credit Union Association (NCUA) advises credit unions to adopt a proactive approach. The NCUA's suggested measures include patching vulnerabilities, implementing MFA (Multi-Factor Authentication), conducting security awareness training, enhancing email security, and establishing an incident response plan.

CYGNVS takes it a step further—it’s not just about having a plan; it’s about having a dynamic response plan. It should be available and easily accessible even if your network is compromised and your files are encrypted by a threat actor. Cybersecurity MDR company Critical Start says that “preparing for potential breaches, credit unions can bolster their defenses and safeguard the financial well-being of their members.”  

CYGNVS enables credit union cybersecurity teams to actively participate in and respond to simulated cyber threats in the same place they will ultimately fight from. This approach helps you identify and update your response playbooks on the fly. It also gives your team the muscle memory needed to respond to cyber-attacks.  

Staying Compliant  
Credit unions must comply with regulations, which adds complexity to incident response efforts. These standards are constantly under review and revised to keep up with evolving technologies. The NCUA says that “all federally insured credit unions must notify the NCUA as soon as possible, and no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.” CYGNVS not only assists in complying with existing regulations but also adapts to evolving standards.
CYGNVS’ incident command center offers a single pane of glass to ensure all the necessary steps have been taken and completed. This helps accelerate response timelines, allowing companies to meet their regulatory requirements to report within a given timeframe. The true test of preparedness arises when a team can demonstrate that their organization can confidently execute a response plan swiftly and effectively.

The CYGNVS Advantage  
Navigating a cyber incident can become complex with the involvement of numerous stakeholders, including the general counsel, CISO, C-suite executives, operations, security, incident response teams, crisis communications and PR agencies, as well as third-party providers like outside counsel, forensics, crisis communications, etc. In the event of a cyber incident, CYGNVS provides a secure, out-of-band place to not only swiftly respond to the cyber-attack, but also to report the incident in the required timeframe.

With the CYGNVS platform’s Dynamic Tenancy™ capability, you gain access to a secure place where you can effectively collaborate both internally and externally, with fine-grained access control across all users. CYGNVS provides a fortified environment for real-time information sharing, communication, and collaboration between internal and third-party teams.

Additionally, CYGNVS’ patented Isolate Mode™ raises the drawbridge to your company data, ensuring that only stakeholders with the right privileges can communicate and collaborate on the platform, preventing threat actors from gaining access to your response strategy.

Buckle Up! CYGNVS’ Cybersecurity Predictions for 2024

12/11/2023

Link: https://info.cygnvs.com/resources/insights/buckle-up-cygnvs-cybersecurity-predictions-for-2024

Strap in and prepare for a wild ride in 2024, as it is already shaping up to be a pivotal cybersecurity year. Bolstered by generative AI (Artificial Intelligence), ransomware uptrends, evolving regulations, and a booming cybercriminal economy, threat actors have more resources to launch detrimental attacks on organizations of all sizes.

“In 2024, we will witness a heightened emphasis on preparedness and response, spurred by impending SEC regulations and the recognition of an ever-evolving threat landscape, where adversaries often outpace our defenses with new challenges. As we approach 2024, I am reminded of a 2,000-year-old lesson from Epictetus: ‘It's not what happens to you, but how you respond’ – a timeless wisdom that resonates now more than ever.” says Kevin Gaffney, CTO at CYGNVS.  

According to Cybersecurity Ventures, global cybercrime costs are projected to grow by 15% annually over the next two years, reaching a staggering $9.5 trillion in 2024 and $10.5 trillion by 2025. To help organizations brace for what lies ahead, our team of cybersecurity experts at CYGNVS share five trends expected in the coming year:
  1. Adversarial AI Attacks: The use of AI in cyberattacks will increase, enabling threat actors to automate and optimize their attack strategies by accelerating and expanding every aspect of their toolkit. AI-driven attacks will make it difficult for traditional cybersecurity measures to keep pace and identify these threats effectively. 
  2. Ransomware Evolution: Ransomware attacks will become even more sophisticated and opportunistic. Cybercriminals will employ advanced tactics, such as AI-driven attacks and exposing supply chain weaknesses, making it increasingly challenging for organizations to defend against and recover from these attacks. Ransomware demands and extortions will continue to increase as the volume of ransomware attacks continues to increase across all sectors and industries.
  3. Critical Infrastructure Threats: Critical infrastructure, including power grids, hospitals, and transportation networks, will continue to be at higher risk of cyberattacks. Nation-state actors and cybercriminal groups will continue to target these environments, potentially causing significant disruptions and endangering public safety. 
  4. IoT (Internet of Things) and 5G Vulnerabilities: The widespread adoption of IoT devices and the implementation of 5G networks bring forth unparalleled connectivity but also expose new vulnerabilities. IoT devices, often characterized by weak security measures, become prime targets for exploitation. Simultaneously, the high-speed and low-latency capabilities of 5G introduce novel security challenges. This combination creates an expanded attack surface, enabling faster and more impactful cyberattacks that organizations must prepare to thwart. 
  5. Regulatory Transformation: A significant shift is occurring with regulations, exemplified by the recent implementation of SEC cyber disclosure rules in December. We anticipate a broader trend of governments and regulatory bodies enacting stringent cybersecurity reporting regulations. “In 2024, new SEC cybersecurity regulations will lead organizations to experience a Sarbanes-Oxley moment transforming how they approach cybersecurity” says Kevin. Organizations will face greater scrutiny and potentially severe penalties for data breaches and security lapses. Tighter cybersecurity regulations and mandates will hold C-suite executives and boards accountable.  
Cybercriminals will continue to evolve their methods and tactics, while organizations must adapt their cybersecurity response measures. Discover how CYGNVS can help your organization minimize the impact of a cyberattack, to quickly recover and reduce business interruption with the confidence of CYGNVS.  



The 3 Most Prevalent Cyber Threats of the Holidays

12/8/2023

Link: https://www.darkreading.com/vulnerabilities-threats/3-most-prevalent-cyber-threats-holidays
Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance.


As many of us deck the halls, some folks are dealing with the cybersecurity holiday season — that perilous time of year rife with breaches, attacks, and threats in far greater frequency than in any other time of year. Salesforce forecasts 4% global and 1% US year-over-year online sales growth across November and December — reaching $1.19 trillion and $273 billion, respectively. The surge in cyber business is a welcome challenge to any organization, with many generating the highest volume of sales per month during those few months.
The chaos and volume of the holiday season don't only affect retail organizations. Partners, developers, manufacturers, supply chain, technology providers, communication providers, transportation, support systems, and more are involved in orchestrating a smooth, successful holiday shopping season. These organizations all rely on technology to create, sell, supply, transport, and collaborate. The impact of the season is broad and wide, with connections that span organizations.

For Threat Actors, That Translates to Opportunity
The increased threat activity isn't just due to the volume of business being transacted over technology. There is a perfect storm brewing during that season — a culmination of complexity, resource constraints, and vulnerabilities.
Three threats are most prevalent during the holiday season:
  • Increased traffic upsets the balance. As business picks up, networks are strained, and employees are busier than usual. Slower networks can leave a company more vulnerable to denial of service (DoS) attacks, and resource-constrained employees may not be able to respond to threats as quickly as they can in other seasons. Attempted ransomware attacks, for example, are predicted to increase 70% in the months of November and December, as compared to January and February, with threat actors often assuming resource-constrained businesses will simply pay the ransom.
  • The deals are often too good to be true. Phishing attacks also increase as consumers shopping on their employers' networks are more apt to click a link while looking for a better deal, to stay within their holiday budget. According to experts, there is a 30% increase in the average number of ransomware attacks over the holiday period compared with the prior months.
  • The experts have left the building. Often, employees are out of the office on holiday between the months of November and January, offline, taking their expertise and acute understanding of specific systems with them. This increases the overall vulnerability of an organization.

Preparing a Defense
While the threat of a cyberattack is unavoidable, what you can control is how prepared you are for a threat, how quickly you can respond, and your ability to report on that crisis in a timely fashion to regulators, customers, and partners.
For businesses aiming to enhance their preparedness, I suggest taking a few crucial steps.
  1. Identify your team: Outline everyone’s roles and responsibilities — from internal stakeholders to external partners such as legal, insurance, and forensics. Having this clarity in a crisis facilitates a more efficient and rapid response.
  2. Have a plan: Focus on developing a plan with concrete tasks and next steps enabling your team to mobilize swiftly and efficiently.
  3. Practice your plan: Simply having a plan in place is insufficient. In my experience as an incident responder, I've encountered numerous situations where organizations had plans but never practiced them, resulting in their inability to efficiently recover their businesses. As my high school hockey coach often said, "Practice makes perfect," and that also goes for your incident response plans and almost everything else in life.  
  4. Have a place to communicate securely and confidentially: I've witnessed threat actors compromising IR engagements due to IT personnel inadvertently emailing the CEO's business email during a live ransomware incident — thus informing the threat actor that digital forensics and incident response, legal, and insurance were involved. We continue to see this happening in the industry. Establishing a secure out-of-band place to communicate and collaborate is integral in your response and recovery efforts.
The holidays may be the most wonderful time of the year, but they're also the most prevalent time for cyberattacks. With a few simple steps, however, you can make strides to ensure your business is prepared for whatever the next few months have in store.


Alex Waintraub On Why the US Government is Getting Serious About Medical Device Cybersecurity - An Interview With David Leichner

12/7/2023

Link: https://medium.com/authority-magazine/alex-waintraub-of-cygnvs-on-why-the-us-government-is-getting-serious-about-medical-device-2e05e4588551

In an era where technology is revolutionizing healthcare, medical devices — from pacemakers to insulin pumps to hospital imaging machines — are becoming increasingly interconnected. While these advancements offer unprecedented benefits, they also expose healthcare systems and patients to new cybersecurity risks. Cyberattacks on medical devices can result in compromised patient safety, data breaches, and even loss of life. Acknowledging the gravity of the issue, the US Government is ramping up its focus on medical device cybersecurity through regulations, initiatives, and collaborations with industry stakeholders. As a part of this series, we had the pleasure of interviewing Alex Waintraub of CYGNVS.
Alex Waintraub is a cybersecurity professional and currently the DFIR Expert Evangelist. With over a decade of experience in IT, Security Operations, and DFIR, he possesses in-depth knowledge of security analytics, leadership qualities, and the ability to work with small- or large-scale cybersecurity teams. He has been a part of cybersecurity operations for several global retail, commercial, financial, and technology enterprises. He graduated with a bachelor’s in Information Technology and Network Security from NYIT.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about CYGNVS and your role at the company?
Absolutely. CYGNVS is the Latin word for swan. Cyber breaches are common, but cyber crises are black swan events for most organizations. In the age of evolving technology, we know it’s no longer a matter of if a cyber incident can happen — but when. Moreover, the World Economic Forum found that 95% of cybersecurity breaches are caused by human error. The CYGNVS Cyber Crisis Command Center was created to bridge a critical gap in preparedness with a solution that provides a safe, secure, and guided space to swiftly work through a cyber crisis. I am a Digital Forensics and Incident Response (DFIR) professional at CYGNVS. In my role, I lead security operations for our clients to build incident response plans while triaging, validating, and defending against escalations for a range of security incidents.
Are you working on any exciting new projects now? How do you think that will help people?
We are always working on new innovations to provide organizations with a safe space during the stressful moments of a cyber incident. We built the CYGNVS platform to be a safe harbor by creating an out-of-band system that acts as a secure and separate “war room” to get them back on their feet to safety. We’re extending that secure and out-of-band approach to our incident command center, enabling connection with an ecosystem of trusted experts while allowing organizations to maintain ownership of their sensitive data. Additionally, we’ve enabled legal teams to generate comprehensive regulatory and compliance reports that include incident timelines, risk assessments and other critical data points that are protected and accessible only to designated participants. Through our out-of-band incident command center, lawyers, forensics specialists, insurers, and other expert consultants are available with a click to help businesses respond and recover during a crisis.
Ok, thank you. Let’s now move on to our main topic. For the uninitiated, can you explain the nature and scope of cybersecurity threats to modern medical devices? How significant is the risk in comparison to other sectors?
Of course. When we talk about medical devices, we refer to various technologies, from simple thermometers to complex machines like MRI scanners. All these devices, big and small, are susceptible to cybersecurity threats. Additionally, the interconnected nature of these devices in a healthcare setting amplifies the risk. For instance, a basic device like a tongue depressor may not pose a cyber threat, but devices involved in treatments connected to remote systems or the cloud can be vulnerable. Cyber threats in healthcare are significant due to the potential for remote interference, data breaches, and the interconnectedness of devices that can cause a domino effect if one system goes down. The risk is substantial, especially when considering the potential impact on patient safety and the integrity of healthcare systems. Threat actors are typically attracted to critical healthcare data, often for the implications of potential financial gain. Research has found that 86% of breaches are financially motivated, and 10% are motivated by espionage. According to the American Hospital Association, healthcare organizations are particularly targeted by cyber-attacks because they possess large amounts of high-value information. Take the 2017 WannaCry ransomware attack, for example. The widespread attack infected 230,000 computers across 150 countries in just hours. The attack also targeted the U.K.’s National Health Service systems, causing cascading issues, including delays in non-urgent surgeries, canceled patient appointments, and the inability to access patient records.
Could you highlight some key regulations or initiatives that the US Government has introduced or proposed specifically targeting medical device cybersecurity? How have these been received by industry stakeholders?
To address recent breaches within the industry, the 2023 omnibus package signed by President Biden requires device manufacturers to provide key cybersecurity information to the FDA before market release. The FDA, in response, has implemented legally binding guidelines and received a $5 million boost to enforce these rules. With these regulations in place, manufacturers must prove their ability to address cybersecurity vulnerabilities post-market release, including patching and vulnerability disclosures. Industry stakeholders, such as the Medical Imaging & Technology Alliance, have generally welcomed the FDA’s flexibility in implementing these cybersecurity provisions. This underscores the necessity for manufacturers and healthcare providers to proactively plan for potential cyber threats. Implementing a secure out-of-band incident command center is crucial for rehearsing responses to potential cybersecurity incidents.
From a manufacturer and healthcare provider perspective, what are the most pressing challenges in adapting to and complying with these cybersecurity regulations? Are there any unforeseen hurdles they’ve had to navigate?
While these regulations are necessary, they do pose new challenges for manufacturers and healthcare providers. Some of the most prominent issues include updating devices with outdated operating systems, addressing known vulnerabilities, and ensuring the connectivity and interoperability of devices. The industry as a whole faces the need for additional staff to review cybersecurity information, the development of programs to respond to vulnerabilities, and the release of comprehensive guidance. Plus, requiring a software bill of materials and external testing adds transparency but may be a bit tricky to put into action.
With regulations becoming more stringent, do you think this might impede or slow down the innovation of medical devices? How are manufacturers ensuring both security and the continuous advancement of medical technology?
While stringent regulations aim to enhance cybersecurity, there’s a concern about their impact on the pace of innovation. The FDA’s decision not to outright reject new device applications, instead working with sponsors to address deficiencies until October, reflects a balance between security and innovation. Manufacturers need to find a middle ground, ensuring the continuous advancement of medical technology while meeting cybersecurity standards. Collaboration between industry stakeholders and regulatory bodies is crucial to strike this balance.
What are your “5 Things Everyone Should Know About Medical Device Cybersecurity?”
  1. Understand the connected complexity of every device: The more complex and interconnected a medical device, the higher the cybersecurity risk. For example, I worked on a cyber incident in 2020, where ransomware crippled operations at a major hospital — we observed unauthorized access to a doctor’s laptop we initially thought was random. However, that doctor was a Cardiologist and could access individual pacemakers. There was a high probability the threat actor was trying to cause more damage by potentially turning off or changing the pace of someone’s pacemaker.
  2. Regulatory Expectations are rising: With new authorities like the Protect Access to Confidential Healthcare Act (PATCH Act) and final guidance on premarket cybersecurity controls, the FDA is signaling this risk area will receive heightened scrutiny. It is up to healthcare and medical device organizations to understand these regulations and plan for compliance accordingly.
  3. Response agility should be mandatory for resilience: While perfect prevention is impossible, evidence shows organizations recovering within hours versus days or weeks can minimize overall business impact. I have so many first-hand stories where it took hospitals weeks to recover due to legacy protocols and zero incident response (IR) planning. I believe that healthcare organizations that exercise regular IR planning and practices like “fire drills” are the ones who stand out for maintaining operations through potentially detrimental incidents.
  4. Transparency through bills of materials: Manufacturers are now required to provide regulators with a software bill of materials (SBOM), enhancing transparency by detailing the components of their software, akin to an ingredient list.
  5. The importance of balancing innovation and security: Striking a balance between innovation and security is crucial. While regulations aim to enhance cybersecurity, collaboration between industry and regulators is essential to ensure the continuous advancement of medical technology.
Let’s talk about the future. Considering the pace of technological advancements and the growing emphasis on cybersecurity, where do you see the future of medical device security in the next 5–10 years? Are there emerging technologies or methods that hold particular promise in safeguarding patient health and data?
My prediction is that there will be a significant focus on advancing medical device security through the integration of encryption, blockchain for data integrity, and AI-driven threat detection. Manufacturers and healthcare providers must strategically plan for the seamless incorporation of these advancements into their response plans. Secure collaboration among stakeholders, including manufacturers, healthcare providers, and regulators, will be crucial in creating a collective defense against emerging cyber threats. Continuous planning, preparation, and a secure out-of-band area to communicate with internal and external providers to ensure rapid response will be crucial for any business. Even more so, a secure place to track an incident response and report to regulatory bodies will be key. I predict this will become standard practice as more organizations understand that a proactive and resilient approach is the best way to safeguard patient health and data.
This was very inspiring and informative. Thank you so much for the time you spent on this interview!
About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.

Insider threats and the talent gap: What are organizations missing in their cybersecurity defense?

10/24/2023

Link: https://info.cygnvs.com/resources/insights/insider-threats-and-the-talent-gap-what-are-organizations-missing-in-their-cybersecurity-defense

Large and small organizations alike are highly susceptible to insider threats. And it’s even harder to prevent them with the lack of internal oversight brought on by a talent gap in the cybersecurity industry.
In this article, let’s take a look at some common types of insider threats that your organization is likely to fall victim to, and how the talent gap increases your vulnerability.
From there, we’ll share strategies for leveraging technology to help you reduce the likelihood of having your data stolen by an insider threat – and discuss how you can recover quickly if it happens to you.

What is an Insider Threat?
An insider threat is a cybersecurity risk that originates from inside the organization, arising from an individual with a level of authorized access or data visibility within your environment – and the cause can be either malicious or unintentional.
In a malicious insider threat, an individual knowingly causes harm to a business. In some cases, employees or contractors are paid by third-party groups to grant them access to confidential data within corporate environments, as the hacking group Lapsus$ famously did to gain access to data at Microsoft and other companies. In this case, Lapsus$ was able to gain contacts all over the world by purchasing access credentials from individuals who were frustrated with their companies, enabling the threat actor to log in and cause damage before the company realized anything was amiss. Other malicious acts may be caused by employees who are whistleblowers and are deliberately stealing and exposing data to show corporate malfeasance, or by those trying to exact revenge on the company to settle a grievance.
Other insider threats are unintentional in nature and take place as a result of social engineering by a threat actor. For example, the employee may click on a phishing link where they’ll enter their corporate account credentials, or they may give confidential information to someone who is posing as an internal authority, such as the company CEO. Phishing attacks are one of the most common types of cybercrime, with 92% of organizations falling victim to phishing attacks in 2022, a 29% increase from the year before.
In these situations, the employee had no malicious intent, but the end result is no less devastating.
Insider threats of all types can lead to devastating business losses, including business disruption, reputation damage, intellectual property theft, legal liabilities to stakeholders whose data was leaked, and remediation costs. The average total cost of a data breach in 2023 was $4.45 million.

The Cybersecurity Skills Gap
Amplifying the insider threat problem, many organizations are also facing a significant cybersecurity skills gap. Only 44% of business leaders and 46% of cyber leaders say that their organizations have the people and skills they need today for adequate cybersecurity defense. In fact, 3.4 million cybersecurity experts are needed globally to support today’s digitized economy.
Recruiting is a challenge, and employers struggle to retain highly qualified cybersecurity staff: Gartner predicts that nearly half of all cybersecurity leaders are likely to change jobs due to job-related stresses by 2025. When turnover happens, important institutional knowledge is lost, and organizations are more susceptible to phishing attempts and other types of cyber attacks. Organizations are also likely to hire more underqualified employees, who will take time to build the necessary skills to establish and maintain a strong cybersecurity posture for the business.
Fortunately, bringing in the right technology solutions can help you reduce the negative consequences of shortfalls on your cybersecurity team.

How CYGNVS can help
Leveraging a best-in-class cybersecurity incident response platform like CYGNVS gives you the tools to overcome staffing shortages and helps you identify and respond to cybersecurity incidents.
CYGNVS offers a secure, out-of-band communications platform where your organization can:
  • Train and plan for cybersecurity investigations
    Make sure your entire team is on the same page when it comes to preparation for cybersecurity incidents. You’ll be able to bring in all relevant stakeholders to share knowledge and ask and answer questions, with all historical data preserved for future employees who are involved in cybersecurity response. This will ensure that even when turnover rates are higher than you might like, none of your valuable knowledge is lost when an SME moves on. You’ll be able to build templated workflows that break down required actions by role, with permissions assigned to ensure that each stakeholder gets access to the information they need without compromising data that should remain privileged. Your team can walk through various tabletop exercises and map out their response to different scenarios, ensuring that you are well-prepared in the event that an insider threat might occur.
  • Respond to cybersecurity incidents on an out-of-band platform
    If an insider threat results in a successful data breach, the worst thing you can do is plan out your response using your compromised channels, such as email and Microsoft Teams. Your attacker is likely to be a step ahead of you – particularly if it is a malicious attack originating within the organization.
    By relying on CYGNVS, you can ensure that only trusted, vetted stakeholders who are critical to your cybersecurity operations have access to your game plan. You can invite both internal SMEs and external stakeholders, such as forensics and legal consultants, empowering you to conduct all communication related to incident detection and remediation in a secure platform where all parties have access to only the information that is relevant to them.
    If you have determined that an employee acted with malicious intent, you’ll be able to consult with external counsel to determine a course of action so that you can gather all the evidence successfully to fire the employee and/or take legal action against them.
  • Document and analyze your response
    CYGNVS gives your organization the tools to prepare an incident response plan (IRP), and map your incident response against it – so you can see where you fell short or deviated from the plan, and why. That helps you track accountability among your employees and other stakeholders, so you’ll know whether they behaved appropriately under fire, and can follow up with further training and scenario planning if necessary. You’ll also be able to segment your data into different reports for a variety of stakeholders, including investors, regulators, and others, to demonstrate best practices in your response and provide the necessary documentation to limit your legal liability and maintain your professional reputation.
Insider threats are growing more prevalent – but by building a defense posture that includes a robust, out-of-band incident response platform for building, practicing, and executing your cybersecurity defense strategy, you’ll be well-prepared to restore operations as quickly as possible if your organization is affected.
​
Learn more about using CYGNVS to manage your response to insider threats. Visit us at CYGNVS.com or get a demo today.
​

7 Key Takeaways from the 2023 Black Hat Conference

6/15/2023


 
https://info.cygnvs.com/resources/insights/7-key-takeaways-from-the-2023-black-hat-conference
The Black Hat Conference in Las Vegas has been one of the most important cybersecurity conferences for decades, recently celebrating its 26th year in existence. It provides a great networking opportunity and a chance to hear from cybersecurity thought leaders in all different industries, with training sessions and trend analysis on some of the biggest hot-button issues in the cybersecurity sector today. The conference also provided an opportunity to visit different vendor booths and learn more about new solutions in the cybersecurity landscape.

Naturally, several members of the CYGNVS team were in attendance to get the lay of the land.
Here are some of my key takeaways from the event:
  1. Dwindling VC Funding in Cybersecurity: The landscape of venture capital funding in cybersecurity is undergoing a significant shift. According to data from Crunchbase, investments in cybersecurity companies have plummeted by a staggering 63% in the second quarter of this year compared to the same period last year. Startups are facing challenges in securing financing, especially in the mid- to late-stage.
    In addition to the general economic pullback, the cybersecurity industry is being hit hard due to legions of failed startups in the space, and investors are reluctant to overinvest if their payoff is uncertain. Investors have been turning their focus away from innovation, and towards profitability – which means that heavy investments in cybersecurity technology may not be a priority for the foreseeable future.
  2. Cloud Detection and Response Takes the Spotlight: The buzz at #BlackHat2023 was all about CNAPPs (Cloud-Native Application Protection Platforms) and their role in cloud security. The emergence of Cloud Detection and Response (CDR) solutions was evident, with several new launches and discussions around cloud risks. A CNAPP is an all-in-one cloud-based solution that streamlines the process of monitoring, detecting, and responding to cloud security threats and vulnerabilities.
    In the past, I only remember seeing one player in this space, but this time there were at least six. This shift reflects organizations' realization that they need real-time observability and response capabilities, especially as the Cloud security landscape matures.
  3. AI's Impact on Cybersecurity: The impact of generative AI in the cybersecurity realm was a prominent theme at #BlackHat2023. Conversations revolved around AI and ML's dual potential—both as powerful tools for phish and malware detection and as potential threats when misused. The innovative use of AI, like QWIET.AI's vulnerability scans that identify 0-days pre-detection, showcased the transformative potential of AI in security. Experts emphasized the need to integrate AI deeply into security workflows for real innovation.
  4. Rising Ransomware Threat in Education: The escalating threat of ransomware, especially targeting K-12 institutions, caught everyone's attention. Education remains a prime target due to outdated technology and limited funding. The ongoing lack of resources and the increasing sophistication of ransomware attacks paint a challenging picture for educational institutions. (Source: AP News)
  5. XDR Automation: Automation within Extended Detection and Response (XDR) solutions emerged as a crucial focus area. Streamlining and automating incident response processes garnered significant interest, reflecting the industry's push for efficiency and rapid threat containment.
  6. New SEC Rules: The SEC has released new rules around the mandatory disclosure of cybersecurity events, with a comprehensive framework that companies must follow to avoid fines and penalties in the event of a data breach. In our discussions with customers and colleagues, we found that many organizations, especially those in the middle and lower markets, are not prepared for the new burden of proof that will be put on them if the rules are approved in December 2023 as scheduled. In my view, many companies seem to be underestimating what needs to be done to meet the SEC requirements and may find themselves in trouble come January. It’s likely that companies will need to scramble to put internal guidance in place to help them meet the new requirements, though they may be able to streamline the process by choosing the right technology solution to support their incident response management plan.
  7. CYGNVS Is One-of-a-Kind: We were curious to evaluate other vendors in the incident management space – but we never had the opportunity. We didn’t see any solutions at the event in the same space as CYGNVS. While many solutions focus on threat detection, we were the only vendor there that prioritized cybersecurity incident preparation and response on a secure, out-of-band platform that facilitates permissioned access for all stakeholders, both within and outside of an organization.
    We also had the simplest demo process of any vendor at the conference we came across – while others required prospects to set up demo requests hours or days in advance, we were able to easily walk our prospects through the platform using only our mobile phone interfaces. True to our word, CYGNVS provides anytime, anywhere access to our incident response platform, making it easy to showcase its value proposition on the fly. We were gratified to see the excitement around our product and are honored to be serving a growing need in the market that will support companies in preparing for data breaches, reporting on breaches for SEC rules, and restoring business operations quickly in the aftermath of a breach.

Your Cyber Crisis Ally for Ransomware Incidents

5/1/2023


 
Recent high-profile ransomware attacks have showcased the destructive consequences of cyber incidents, serving as a stark reminder of the devastating impact they can inflict on businesses across all sectors. In recent headlines, large enterprises have fallen victim to relentless ransomware attacks, sending shockwaves throughout all industries. These distressing events have unmistakably emphasized the necessity for businesses of all sizes and standings to strengthen their cybersecurity measures and to start preparing and practicing for a cyber crisis. The increasing frequency of large-scale ransomware attacks on even well-established enterprises serves as a crucial reminder that the threat of cyberattacks looms over all companies, sparing none.

Connecting the Dots

The recent surge in ransomware attacks against well-established and highly reputable organizations serves as a grim reminder of the ever-present danger of cyberattacks. These incidents not only disrupt operations but also leave indelible scars, manifesting as substantial financial losses and enduring damage to a company's reputation.


The Unpreparedness Triad


​When it comes to cyber crises like ransomware incidents, there are three significant challenges that most organizations are unprepared for. These challenges can make the difference between a minor disruption and a catastrophic event:
  • Effective Outside-In Response: Cyber crises often don't occur at convenient times. They strike when people are unprepared, sometimes right before a long weekend, or when key personnel are on vacation, remote, or away from their computers. Existing communication channels, such as email or messaging apps, may be compromised or rendered useless. The ability to respond from the "outside-in" when traditional infrastructure and communications fail is a significant challenge.
  • Coordinated Efforts with Key Stakeholders: Responding to a cyber incident requires a coordinated effort involving internal teams, including legal, IT, security, and PR, as well as third-party teams such as law firms, DFIR, and crisis communication specialists. The challenge is orchestrating this choreography efficiently, especially when facing tight timelines dictated by regulators, customers, or other stakeholders.
  • Timely Reporting and Regulatory Compliance: During a cyber incident, time is of the essence. Meeting the demands of regulators, customers, and internal stakeholders within tight deadlines can be incredibly challenging. Effective and timely reporting is essential for maintaining trust and compliance.

Cyber Warrior Studios - DFIR & BEC

6/1/2022


    Alex Waintraub

    Alex Waintraub is a seasoned cybersecurity professional with over a decade of experience in IT, Security Operations, and DFIR. He excels in security analytics and leads both small and large-scale cybersecurity teams. For the past decade, Alex has specialized in managing security operations, including triage, validation, and escalation of incidents. His expertise spans SOC enhancements, Incident Response Plans, ransomware negotiations, threat hunting, and intelligence operations. He delivers robust cybersecurity services to global clients across multiple industries and speaks at national conferences and his NJ Cyber Fireside Chat (cyberfiresidenj.com).​

© COPYRIGHT 2024. ALL RIGHTS RESERVED.